Improper RFC Protocol Validation in SAP Kernel Affects SAP NetWeaver and ABAP Platform
CVE-2026-27671

9.8CRITICAL

Key Information:

Vendor

SAP

Vendor
CVE Published:
9 June 2026

Badges

📰 News Worthy

What is CVE-2026-27671?

The SAP Kernel used in the Application Server ABAP of SAP NetWeaver and ABAP Platform has a vulnerability due to improper validation of RFC protocols. An unauthenticated attacker could exploit this flaw by sending specially crafted RFC requests that trigger logical errors within memory management. This exploitation can result in memory corruption, potentially compromising the confidentiality, integrity, and availability of the affected application. It is crucial for SAP users to apply the necessary patches to mitigate this risk.

Affected Version(s)

SAP NetWeaver AS ABAP and ABAP Platform KRNL64NUC 7.22

SAP NetWeaver AS ABAP and ABAP Platform 7.22EXT

SAP NetWeaver AS ABAP and ABAP Platform KRNL64UC 7.22

News Articles

SAP fixes critical flaws in NetWeaver and Commerce Cloud

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud.

1 month ago

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

.